This position is remote.
Senior Director of Security in the security engineering department at GitLab see the team as their product. While they are technically credible and know the details of what security engineers work on, their time is spent hiring a world-class team and putting them in the best position to succeed. They own the delivery of security commitments and are always looking to improve productivity. They must also coordinate across departments to accomplish collaborative goals.
- Set the vision of the Gitlab Security Department with a clear roadmap
- Build and maintain a rapidly growing team with top-tier talent
- Run the most transparent security organization in the world
- Run multiple teams within the department: Security Automation, Application Security, Security Operations, Abuse Operations, Compliance, Threat Intelligence, Strategic Security, Security Research, etc.
- Secure the company
- Secure our self-managed (on-prem) project and products: GitLab CE/EE
- Secure our user-facing SaaS: GitLab.com
- Manage the security incident response process
- Assess and mitigate constantly changing threats
- Establish and implement security policies, procedures, standards, and guidelines
- External communications: Blog, conference speaking, stream company events to YouTube
- Work directly with customers and prospects to address security concerns
- Manage a best-in-class bug bounty program with the highest rewards
- Maintain Investor relations with regard to security
- Act as central point-of-contact to Facility Security Officer for cleared facilities
- Collaborate closely with People Ops, Legal, and any third-party firms to ensure the health and safety of organization’s employees globally
- Leadership at GitLab
- Set up a “Red team” initiative
- Architect and build zero-trust network (ZTN) model
- Best in-class anti-phishing measures
- Test breach remediation
- Ensure regular, automated credential rotation
- Implement a defense-in-depth model
- Implement multi-factor authentication
- Secure and manage internal and external endpoints
Must-haves Skills & Experience
GitLab’s senior director of Security must have all of the following attributes.
- At least 10 years prior experience managing information security teams
- Excellent written and verbal communication skills
- Be able to quickly hire top-quality individuals contributors and managers
- Experience managing a multi-level security organization with managers and IC’s
- Collaborate with other groups outside engineering such as Sales, Legal, People Ops, and Finance
- Ability to excel in a remote-only, multicultural, distributed environment
- Possess domain knowledge of common information security management frameworks and regulatory requirements and applicable standards such as ISO 27001, SOC 2, HIPAA, GDPR, PCI, Sarbox, etc.
- Excellent project and program management skills and techniques
Nice-to-have Skills & Experience
Great candidates will have some meaningful proportion of the following.
- Working knowledge of the GitLab application
- Relevant Bachelor's degree
- Prior fast-growing startup experience
- US Government security clearance
- Product/Platform company experience
- Self-managed (on-prem) software experience
- SaaS software experience
- Experience with consumer-scale services
- Developer platform/tool industry experience
- Deep open source software (OSS) experience
Security Management has the following job-family performance indicators.
- Hiring actual vs plan
- Handbook update frequency
- Team member retention
- HackerOne spend actual vs planned
To view the full job description and its compensation calculator, view our handbook. The compensation calculator can be found towards the bottom of the page.
Additional details about our process can be found on our hiring page.